1 / 21

Cryptography I

Cryptography I. Dimitrios Delivasilis Department of Information and Communication Systems Engineering University of Aegean. Who am I …. Dr. Dimitrios Delivasilis E-mail: d.delivasilis@isecure-e.com

almira
Télécharger la présentation

Cryptography I

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cryptography I Dimitrios Delivasilis Department of Information and Communication Systems Engineering University of Aegean

  2. Who am I … • Dr. Dimitrios Delivasilis • E-mail: d.delivasilis@isecure-e.com • Web:http://www.icsd.aegean.gr/info-sec-lab/userpages/fellows/d.delivasilis/d.delivasilis_start.htm • Office: 2nd Floor, Lymberis Building • Office Telephone: TBA • Office Hours: Monday all day

  3. Course Breakdown • Objective: Introduce main principles of conventional cryptography and explore modern cryptographic techniques • The module is approximately consisted of 12 three-hour lectures and 2 revision sessions. • Overall course mark: 60% Exam + 40% Coursework

  4. Bibliography • B. Schneier, “Applied Cryptography,” Second Edition, John Wiley & Sons, 1996 • A. Menezes, P. van Oorschot, S. Vanstone, “Handbook of Applied Cryptography,” CRC Press, 1996 http://www.cacr.math.uwaterloo.ca/hac • I. Niven, H. S. Zuckerman, H. L. Montgomery, “An Introduction to the Theory of Numbers,” John Wiley and Sons Inc., 1991. • T.M. Cover, J. A. Thomas, “Elements of Information Theory,” John Wiley and Sons Inc., 1991

  5. Topics to be covered • One way and trap door functions • Pseudorandom bit generators and functions • Block ciphers and modes of operation • Stream ciphers • Private key encryption • Public key encryption • Message authentication • Digital signatures • Key distribution • Cryptographic protocols • Mathematics for cryptography

  6. Need for Security We describe the IT industry as s $2-3 trillion business but do we really have an idea of the value of data that the IT industry support? Security is a necessity, we cannot afford to treat it as a luxury.

  7. Current Security Attitude • Information security hasn’t yet adopted risk management as a philosophy • Instead of creating a culture of security, we are often creating a culture of getting around security • We treat any information security activity as burning corporations’ money without any return value

  8. Consequences • Security breaches with catastrophic monetary implications: • “Melissa” in 1999 caused $80 million damages worldwide • “I Love You” in 2000, within one day, caused $100 million in United States damages and over $1billion worldwide. • Security reported incidents are seriously mining corporation’s profile, creating more complications and spreading fear among its customers

  9. The Security Trinity The security trinity should be the foundation for all security policies and measures that an organisation develops and deploys

  10. Get to know your opponent • Hacker or else adversary: People trying to access and even use/alter data on sites without the necessary permission • They are divided into three categories: • Amateurs • Crackers • Career Criminals

  11. Security Requirements Computer security may be described in terms of its main six characteristics: 1. Integrity 2. Confidentiality 3. Availability 4. Authentication 5. Non-repudiation 6. Access control

  12. Source Destination Source Destination (a) Normal flow of information from a source to a destination (b) Interruption Source Destination Source Destination Non authorised Destination Non authorised Destination (d) Fabrication (c) Modification Source Destination Non authorised Destination (e) Interception Security Threats and Attacks The main four categories of possible security attacks

  13. Passive Threats Interception Release of message contents Traffic Analysis Active Threats Masquerade Replay Modification of message contents Denial of Service Passive vs. Active Attacks

  14. Basics of Conventional Cryptography… Definition: Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, entity authentication, and data origin authentication (Menezes et al., 1997)

  15. Milestones of Cryptography 1918 William F. Friedman, “The index of Coincidence and its applications in Cryptography.” • Edward H. Herbern filed the first patern for a rotor machine • Claude Shannon, “The Communication Theory of Secrecy Systems.” • David Kahn, “The codebreakers.” • W. Diffie and M. Hellman proposed Public Key Cryptography 1978 Rivest, Shamir and Adleman: 1st public encryption and signature scheme, referred to as RSA. 1980 NSA via the American Council on Education seek Congress’s approval to obtain legal control of publications in the field of cryptography

  16. Cryptographic Objectives • Confidentiality • Data Integrity • Authentication • Non-repudiation

  17. Cryptosystem Evaluation • Level of security • Functionality • Methods of Operation • Performance • Ease of Implementation

  18. Background on functions… • What is function f? • 1-1, onto, bijection • Inverse function • One way functions: • Function f from X to Y, one-way, if f(x) “easy” to compute for all x  X, but for “essentially all” y  Im(f) “computationally infeasible” to find any x  X such that f(x)=y

  19. … Background on functions • Trapdoor one-way functions: • Trapdoor one-way function is a one-way function with the additional property that given some extra information (trapdoor information) it becomes feasible to find for any given y  Im(f), an x  X such that f(x)=y • Permutation • Involution

  20. Basic Terminology • A: denotes a finite set called the alphabet of definition • M: denotes a set called the message space • C: denotes a set called the ciphertext space

  21. Encryption and Decryption… • Encryption is the transformation of text or other data into coded form, often compressed in addition, for transmission over a public network or for protection of data stored on disks. • "Encryption is basically an indication of users' distrust of the security of the system, the owner or operator of the system, or law enforcement authorities." L. Rose, 1995. • K: denotes a set called the key space.

More Related